Siemens Tecnomatix Plant Simulation

🗓️ 10 Sep 2024 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 10 Views

Siemens Tecnomatix Plant Simulation vulnerability with stack-based buffer overflow can be exploited to execute code in the context of the current process. Update affected versions to V2302.0015 or V2404.0004 or later, and avoid opening untrusted SPP files to reduce the risk

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-41170	10 Sep 202413:23	–	circl
CNNVD	Siemens Tecnomatix Plant Simulation 安全漏洞	10 Sep 202400:00	–	cnnvd
CNVD	Siemens Tecnomatix Plant Simulation Stack Buffer Overflow Vulnerability (CNVD-2024-38014)	12 Sep 202400:00	–	cnvd
CVE	CVE-2024-41170	10 Sep 202409:36	–	cve
Cvelist	CVE-2024-41170	10 Sep 202409:36	–	cvelist
EUVD	EUVD-2024-38959	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Siemens products	10 Sep 202418:20	–	ncsc
NVD	CVE-2024-41170	10 Sep 202410:15	–	nvd
RedhatCVE	CVE-2024-41170	9 Jan 202608:34	–	redhatcve
Vulnrichment	CVE-2024-41170	10 Sep 202409:36	–	vulnrichment

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-427715.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-427715.html
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-12.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-256-12
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

10 Sep 2024 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 47.3

CVSS 3.17.8

EPSS0.00091

SSVC